program in a subscriber terminal

(57) In a pay broadcasting system, data of a broadcast program is scrambled with a scramble key updated in a short period. The scramble key is encrypted with a first key assigned to the subscriber terminal. The first key is encrypted with a first master key set in the subscriber terminal. The security of a broadcast program stored for subsequent use in the subscriber terminal is enhanced as follows. A central station generates a second key-encrypted scramble key by encrypting the scramble key with a second key different from the first key and changeable in an interval shorter than a update interval of the first key; generates an encrypted second key by encrypting the second key with a second master key which has been commonly issued to subscriber terminals of the system; and broadcast the second key-encrypted scramble key and the encrypted second key together with the scrambled data of the program, the first key-encrypted scramble key and the encrypted first key in a multiplexed manner. When a broadcast program is to be stored, the subscriber terminal stores the scrambled data of the broadcast program and the second key-encrypted scramble key; decrypt the encrypted second key with the second master key into the second key, which is added to a stored program second key list. If the stored program is to be executed, the second key-encrypted scramble key is decrypted with a corresponding one of second keys in the stored program second key list into a decrypted scramble key; and the scrambled data of the broadcast program is unscrambled with the decrypted scramble key.
1. Field of the Invention

[0001] The invention relates to a pay broadcasting system and, more particularly, to a method of and a system for blocking illegal access to a downloaded and stored program in a subscriber terminal in such a pay broadcasting system.

2. Description of the Prior Art

[0002] In a pay broadcasting system, a central station (or program provider) generally broadcasts a scrambled program, permitting a subscriber to unscramble the scrambled program only when the execution of the [...] is valid.

[0003] A pay broadcasting system usually uses three kinds of keys: a scramble key (SKt) updated frequently, say, every second (the suffix t denotes an update time); a work key (WKi) assigned to each of the subscriber terminals (the suffix i is a serial number assigned to a respective subscriber terminal) and updated at the time of renewal of the subscription contract (e.g., once a year); and a master key (MKi) issued to each of the subscriber terminals, stored in an IC (integrated circuit) card and set in the subscriber terminal. The central station scrambles data (PD) of each program with a scramble key of the time to provide scramble key-scrambled data (hereinafter, denoted as "SKt[PD]") while encrypting each of the scramble keys used in the program with each of the work keys associated with the subscriber terminals to provide work key-encrypted scramble keys WK1[SKt], WK2[SKt], ..., WKN[SKt], where N is the number of subscriber terminals served by the program provider. At the time of renewal of the subscription contract for the subscriber (terminal) and the program provider, the central station encrypts a new work key (WKi) for the subscriber terminal with the master key associated with the subscriber terminal (i) and issues an IC card which stores a master key-encrypted work key MKi[WKi]. The scramble key-scrambled data, the work key-encrypted scramble keys and the master key-encrypted work keys are multiplexed and broadcast from the center station. If a subscriber terminal has a valid master key of its own, then the terminal can decrypt the master key-encrypted work key MKi[WKi] with its own master key into the work key WKi; decrypt the work key-encrypted scramble keys WKi[SKt] with the work key WKi into the scramble key SKt; and unscramble the scramble key-scrambled data SKt[PD] with the scramble key SKt to finally obtain and enjoy the program data PD.

[0004] Japanese unexamined patent publication No. Hei10-11894 (1998) by Karino et al. discloses a system for receiving, recording and playing a pay scrambled broadcast program. If the system is to store a received program, the system also stores key information necessary for playing the stored program. This enables the system to unscramble the stored scrambled program by reading out the stored key information and using the information in the same manner as in case of real time reception. The system is also provided with means for prohibiting playing of a stored program if the availability of the stored program has expired.

[0005] However, if an attacker breaks the work key of a subscriber terminal, the attacker can illegally enjoy the programs broadcast thereafter and having been stored so far until the available period of the work key expires. Once a work key is broken, the stored programs can be used regardless of the available periods of the stored programs even if the system is provided [...] illegal use of broadcast programs can be reduced by shortening the available period of the work keys. However, updating the work keys hundreds [...] a lot of work keys with a respective master key (MKi).

SUMMARY OF THE INVENTION

[0006] The foregoing problem in the prior art has been solved in accordance with the present invention.

[0007] In a pay broadcasting system including a central station and a subscriber terminal, data of a broadcast program is scrambled with a scramble key updated in a short period. The scramble key is encrypted with a first key assigned to the subscriber terminal. The first key being encrypted with a first master key set in the subscriber terminal. According to the present invention, a method of enhancing security of a broadcast program stored for subsequent use in the subscriber terminal in such a broadcasting system: in the central station, a second key-encrypted scramble key is generated by encrypting the scramble key with a second key different from the first key and changeable in an interval shorter than an update interval of the first key. An encrypted second key is generated by encrypting the second key with a second master key which has been commonly issued to subscriber terminals served by the central station. The second key-encrypted scramble key and the encrypted second key are broadcast together with the scrambled program, the first key-encrypted scramble key and the encrypted first key in a multiplexed manner. In the subscriber terminal, when a broadcast program is stored for subsequent use, the scrambled data of the broadcast program and the second key-encrypted scramble key are stored; the encrypted second key is decrypted with the second master key into the second key, which is added to a stored program second key list. If the stored program is to be executed, the second key-encrypted scramble key is decrypted with a corresponding one of the second keys in the stored program second key list into a decrypted scramble key; and the scrambled data of the broadcast program is unscrambled with the decrypted scramble key.

[0008] In one embodiment, the second master key is distributed stored in an IC card.

[0009] Alternatively, the second master key may be encrypted with the first master key and broadcast to the terminals. In this case, the terminal decrypts the encrypted second master key into a decrypted second master key and uses the decrypted second master key for decryption of the encrypted second key.

[0010] In a preferred embodiment, each of the broadcast programs is assigned a respective second key.
[0011] In the embodiment, at a time of generating an encrypted key, an ID of the key used for the generation is also generated such that the generated encrypted key and corresponding ID are treated in a pair. The central station is permitted to broadcast a new second key for a program that has broadcast before. If a second key with an ID that accords with an ID of any second key in the stored program second key list is received in a subscriber terminal, the terminal replace the found second key with the received second key. This feature enables the central station to prohibit the use of any broadcast program at any desired time.

[0012] The features and advantages of the present invention [...] following description of an exemplary embodiment of the invention and the accompanying drawing, in which:

FIG. 1 is a schematic block diagram showing a central station 1 of a pay broadcasting system according to an illustrative embodiment of the invention;
FIG. 2 is a diagram showing an exemplary structure of the RTPE key table 112 stored in the controller 110;
FIG. 3 is a diagram showing an exemplary structure of the SPE work key table 114 stored in the controller 110;
FIG. 4 is a schematic block diagram showing an arrangement of the subscriber terminal (STi) 2 of FIG. 1; and
FIGs. 5A and 5B are schematic block diagrams showing an exemplary central station 1a and subscriber terminal 2a of a pay broadcasting system according to a modification of the embodiment shown in FIGs. 1 and 4.

[0013] Throughout the drawing, the same elements when shown in more than one figure are designated by the same reference numerals.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0014] FIG. 1 is a schematic block diagram showing a central station 1 of a pay broadcasting system according to an illustrative embodiment of the invention. As shown in FIG. 1, the pay broadcasting system comprises at least one central station 1 and a multiplicity of subscriber terminals STi (i = 1, 2, ..., N, where N is the number of subscriber terminals).

[0015] The inventive broadcasting system uses two encrypted versions of each of frequently updated scramble keys. The two encrypted versions are encrypted with respective work keys: i.e., a work key for realtime program execution and a work key for stored program execution (hereinafter, referred to as "RTPE work key" and "SPE work key", respectively). A RTPE work key TWKi is assigned to each subscriber terminal STi. The terminal STi can use the key TWKi for unscrambling a broadcast program in realtime. A SPE work key PWKp is assigned to each program PDp (p = 1, 2, ..., M, where M is the number of programs broadcast in a certain period). The SPE work key PWKp is used for unscrambling a stored program PDp. [...] the central station 1 has a RTPE encrypting system and a SPE encrypting system. Similarly, each terminal 2 has a RTPE and a SPE decrypting system.

[0016] The central station 1 comprises a program data manager 101 (which may be a computer) for supplying a program data PDp according to a broadcasting schedule; a scrambler 105 whose input is connected to the program data manager 101 output; a scramble key generator 103; a controller 110 which supplies a real-time-program execution (RTPE) scramble key, an RTPE master key, a stored-program execution (SPE) work key and an SPE master key; an RTPE scramble key encryptor 120; an RTPE work key encryptor 121; an SPE scramble key encryptor 123; an SPE work key encryptor 125; and a multiplexer and transmitter (MUX & TRANSMITTER) 127.
[0017] The controller 110 is preferably a computer [...] master key data 116. FIG. 2 is a diagram showing an exemplary structure of the RTPE key table 112 stored in the controller 110. Each record of the RTPE key table 112 comprises the fields of subscriber terminal ID, RTPE master key identifier (TMKi_ID), RTPE master key (TMKi), RTPE work key identifier (TWKi_ID), RTPE work key (TWKi), expiration date ([...] date) of the RTPE work key, etc. While the master key TMKi is permanently [...], the work key TWKi is valid for a predetermined period of time [...] RTPE master key TMKi and an RTPE work key TWKi are assigned to each terminal STi [...] IC card, which is set in a subscriber terminal STi (as shown in FIG. 4). FIG. 3 is a diagram showing an exemplary structure of the SPE work key table [...] broadcast time & date, a valid period [...] executing or viewing of [...] identifier (PWKp_ID), a SPE work key (PWKp), etc. An SPE work key PWKp is assigned to each program PDp.
[0018] It is noted that the program provider is [...] program. If a valid period is set to a program PDp, then the controller 110 updates the work key PWKp at the expiration of the valid period. This enables prevention of executing the programs PDp stored in subscriber terminals. The SPE master key MK 116 stored in the controller 110 is a key assigned to the program provider or the central station 1.

[0019] Throughout the figures, any encryptor or decryptor has three terminals: i.e., a terminal through which an encryption or decryption key is input (hereinafter, referred to as "key input (terminal)"); a terminal through which data to be encrypted or decrypted is input (hereinafter, referred to as "(data) input" or simply "input"); and a terminal through which encrypted or decrypted data is output (hereinafter, referred to as "output (terminal)"). The input and output terminals of an encryptor or decryptor are shown as disposed on facing sides of a block that indicates the encryptor or decryptor. The key input terminal is shown as disposed on one of the remaining sides of the block.

[0020] It is noted that the arrows in FIGs. 1 and 2 (described later) do not necessarily indicate actual electrical connections. Some of the arrows do indicate actual electrical connections and the others indicate data flows, i.e., logical connections. In other words, an arrow used for such a logical connection indicates that data specified by the label shown along the arrow is supplied from the element where the arrow originates to the element the arrow points.
[0021] In broadcast operation, the scramble key generator 103 generates scramble keys SKt very frequently, say, one key per second at time t. The data of a program PDp supplied from the program data manager 101 is scrambled by the scrambler 105 with the scramble key SKt, yielding a scrambled program data SKt[PDp].

[0022] (In a similar manner, it is assumed that the result of encrypting data X with a key K is expressed as "K[X]", which is assumed to equal Y. Also, the result of decrypting data Y with the same key K is expressed as [...] (= X). Then, expressions such as follows are possible: [...] = X, and [...] = K[X] = Y.)

[0023] In order to generate key information for real time program execution (RTPE), the RTPE scramble key encryptor 120 receives the scramble key SKt through its data input, and a pair of RTPE work key identifier TWKi_ID and key itself TWKi (hereinafter, expressed as "(TWKi_ID, TWKi)") for each subscriber terminal STi through its key input; and encrypts the scramble key with the RTPE work key to provide, for each terminal STi, RTPE work key identifier TWKi_ID and RTPE work key-encrypted scramble key "TWKi[SKt]" (which are hereinafter expressed en bloc as (TWKi_ID, TWKi[SKt]) and referred to as "encrypted scramble key <SKt>Ti". That is, <SKt>Ti = (TWKi_ID, TWKi[SKt])). In other words, the encryptor 120 outputs N encrypted scramble keys <SKt>T1, <SKt>T2, ..., <SKt>TN for each scramble key SKt. On the other hand, the RTPE work key encryptor 121 receives RTPE work key and its identifier (TWKi_ID, TWKi) for each subscriber terminal STi, through an encryptor 121 data input, and corresponding RTPE master key and its identifier (TMKi_ID, TMKi), through an encryptor 121 key input terminal; and encrypts the RTPE work key and its identifier (TWKi_ID, TWKi) with the corresponding RTPE master key TMKi to provide, for each terminal STi, a set of an RTPE master key identifier, a TMKi-encrypted RTPE work key identifier and the key itself, i.e., (TMKi_ID, TMKi[TWKi_ID], TMKi[TWKi]). This set is referred to as "encrypted work key <TWKi>". That is, <TWKi> = (TMKi_ID, TMKi[TWKi_ID], TMKi[TWKi]).

[0024] In order to generate key information for stored program execution (SPE), the SPE scramble key encryptor 123 receives the scramble key SKt, through its data input, and a pair of SPE work key identifier PWKp_ID and the key itself PWKp (hereinafter, expressed as "(PWKp_ID, PWKp)") for the current broadcast program PDp through an encryptor 123 key input; and encrypts the scramble key with the SPE work key to provide SPE work key identifier PWKp_ID and SPE work key-encrypted scramble key PWKp[SKt] (which are expressed en bloc as (PWKp_ID, PWKp[SKt]) and referred to as "encrypted scramble key <SKt>Pp". That is, <SKt>Pp = (PWKp_ID, PWKp[SKt])). On the other hand, the SPE work key encryptor 125 receives SPE work key and its identifier (PWKp_ID, PWKp), through an encryptor 125 data input, and the SPE master key and its identifier (MK_ID, MK), through an encryptor 125 key input terminal; and encrypts the SPE work key and its identifier (PWKp_ID, PWKp) with the SPE master key MK to provide a set of the SPE master key identifier, an MK-encrypted SPE work key identifier and an MK-encrypted SPE work key, i.e., (MK_ID, MK[PWKp_ID], MK[PWKp]). This set is referred to as "MK-encrypted work key <PWKp>". That is, <PWKp> = (MK_ID, MK[PWKp_ID], MK[PWKp]).

[0025] The scrambled program data SKt[PDp], the RTPE encrypted scramble keys <SKt>T1 - <SKt>TN, the RTPE master key encrypted work keys <TWK1> - <TWKN>, the SPE [...] key encrypted work keys <PWKp> are supplied to the MUX & transmitter 127, and multiplexed and transmitted to the terminals 2.

[0026] FIG. 4 is a schematic block diagram showing an arrangement of the subscriber terminal (STi) 2 of FIG. 1. In FIG. 4, the terminal 2 comprises [...] demultiplexer 205 having its input connected with a tuner 203 output; a mass storage controller 207 having its record data input terminal connected with a demultiplexer 205 first output terminal; a mass storage for storing programs to be recorded and encrypted scramble keys used for unscrambling the stored programs; a 1-of-2 selector 211 having R and P inputs (for RTPE mode and SPE mode) connected with the demultiplexer 205 first output terminal and the mass storage controller 207 read data output, respectively; a separator 213 having its input connected with the selector 211 output; a unscrambler 215 having its input connected with the separator 213 SKt[PDp] output terminal; a 1-of-2 selector 217 having its output connected with the unscrambler 215 key input; a decoder 219 having its input connected with the unscrambler 215 output; output devices 221 such as a display device, loudspeakers, etc.; a controller 223 for controlling overall operation of the terminal 2; control switches 225 with which the user can give the controller 223 desired instructions; and a secure module 230.

[0027] The security module 230 comprises a memory 232 for storing a reference RTPE work key (TWKi_ID, TWKi) 234 for the program being received and SPE work keys (or a stored program work key list) 236 for the stored programs {PDq | q ∈ Q} stored in the mass storage 209; an RTPE work key decryptor 231 having its data input [...] output; an RTPE scramble key decryptor 233 having its data input connected with the demultiplexer 205 <SKt>Ti output and its output connected with the selector 217 R input (for RTPE mode); an SPE work key decryptor 235 having its data input connected with the demultiplexer 205 <PWKp> output; and an SPE scramble key decryptor 237 having its data input connected with the separator 213 <SKt>Pp output and its output connected with the selector 217 P input. The security module 230 further includes an IC card interface (not shown) for setting an IC card 240 in the module 230. The IC card 240 stores a piece of RTPE master key information (TMKi_ID, TMKi) 242 and a piece of SPE master key information (MK_ID, MK) 244. The controller 223 supplies the tuner 203, the demultiplexer 205 and the security module 230 with respective control signals. Also, the controller supplies the selectors 211 and 217 with an identical control signals.

[0028] In operation, the user can select a desired service or channel through one or more of the control switches 225. Then, the tuner 203 selects the desired channel from radio wave signals received by the antenna 201 and passes the selected channel signal to the demultiplexer 205. The demultiplexer 205 demultiplexes the channel signal to output, via its first output terminal, the scrambled program data SKt[PDp] and the encrypted scramble keys <SKt>P1 - <SKt>PM, and to output the encrypted scramble keys <SKt>T1 - <SKt>TN, the encrypted work keys <TWK1> - <TWKN> and the MK-encrypted work keys <PWK1> - <PWKM> via respective output terminals of the demultiplexer 205.
[0029] The subscriber terminal 2 operates in one of the three modes: i.e., a real-time program execution (RTPE) mode in which a received program data is directly presented to the user; a recording mode in which the received program data is stored in the mass storage 209; a stored program execution (SPE) mode in which a specified one of the stored programs is executed and presented to the user; and a [...] mode.

[0030] In the RTPE mode, the selectors 211 and 217 are so controlled that the R input is selected, i.e., the R input is connected to the common (output) terminal. Then, the demultiplexer 205 first output is supplied to the separator 213. Accordingly, the scrambled program data SKt[PDp] is supplied to the unscrambler 215.

[0031] On the other hand, the RTPE work key decryptor 231 monitors each of the received encrypted work keys <TWK1> - <TWKN> from the demultiplexer 205 to see if the master key identifier TMKi_ID of the received encrypted work key (TMKi_ID, TMKi[TWKi_ID], TMKi[TWKi]) accords with the original master key identifier of the RTPE master key (TMKi_ID, TMKi) 242 stored in the IC card 240. If so, the decryptor 231 decrypts the received TMKi-encrypted work key ID and the received TMKi-encrypted work key with the original master key TMKi to obtain an RTPE work key (TWKi_ID, TWKi), which is stored as 234 in the memory 232.

[0032] The RTPE scramble key decryptor 233 monitors each of the received encrypted scramble keys <SKt>T1 - <SKt>TN from the demultiplexer 205 to see if the work key identifier TWKi_ID of the received encrypted scramble key (TWKi_ID, TWKi[SKt]) accords with the work key identifier of the RTPE work key (TWKi_ID, TWKi) 234 stored in the memory 232 by the RTPE work key decryptor 231. If so, the decryptor 233 decrypts the received TWKi-encrypted scramble key TWKi[SKt] with the stored RTPE work key TWKi to obtain the scramble key SKt. The obtained scramble key SKt is supplied to the key input of the unscrambler 215 through the selector 217. By using the obtained scramble key SKt, the unscrambler 215 decrypts the encrypted program data SKt[PDp] into original program data PDp, which is then decoded in the decoder 219 and presented through output devices 221 to the user. In this way, if the RTPE master key (TMKi_ID, TMKi) is valid, the user can enjoy the broadcast program in real time.

[0033] In case of the recording mode, i.e., if a program "q" (specified by the user) is to be recorded in the mass storage 209, the selectors 211 and 217 are controlled in the same manner as in case of the RTPE mode. For this reason, the received program data can be presented to the user in real time while being recorded in the mass storage 209. In this mode, the mass storage controller 207 stores the encrypted program data SKt[PDq] and the encrypted scramble key <SKt>Pq as they are (i.e., in a multiplexed manner) in the mass storage 209. Alternatively, the program data SKt[PDq] and the encrypted scramble key <SKt>Pq may be stored in separate areas in the storage 209 associating the former with the latter. Further, the data SKt[PDq] and the key <SKt>Pq may be stored even in different storage media as long as they are associated with each other.

[0034] When the data SKt[PDq] and the key <SKt>Pq are stored in the storage 209, the SPE work key decryptor 235 monitors each of the received encrypted work keys <PWKp> from the demultiplexer 205 to see if the master key identifier MK_ID of the received encrypted work key (MK_ID, MK[PWKp_ID], MK[PWKp]) accords with the original [...] (MK_ID, MK) 244 stored in the IC card 240. If so, the decryptor 235 decrypts the matched work key <PWKp> with the original SPE master key MK into an SPE work key (PWKp_ID, PWKp), [...] (PWKq_ID, PWKq) to the stored program work key list 236, i.e., SPE work keys 236 for the stored programs {PDq | q ∈ Q} stored in the mass storage 209.

[0035] Thereafter, in any mode, the controller 223 monitors a work key identifier PWKp_ID of a decrypted version of each of the received encrypted work keys <PWKp> from the demultiplexer 205 to see if there is any stored program work key (PWKq_ID, PWKq) whose work key identifier [...] with the work key identifier PWKp_ID in the stored program [...] then the controller 223 replaces the work key PWKq of the matched stored program work key (PWKq_ID, PWKq) with the work key PWKp of the decrypted version. Doing this enables the central station 1 to update a stored program work key in the stored program work key list 236 in the subscriber terminals 2.
[0036] In the SPE mode or if the user has [...] concerning one of the stored programs in the mass storage 209, the controller 223 controls the selectors 211 and 217 to select the P terminals. The controller 223 also commands the mass storage controller 207 to read out the program "q" specified by the user from the mass storage 209 (q ∈ Q, where Q is a subset of {p | p = 1, 2, ..., M}). The read out [...] and encrypted scramble key <SKt>Pq are supplied to the separator 213 input through the selector 211. The separator 213 outputs the read encrypted program [...] <SKt>Pq to the unscrambler 215 input and the SPE scramble key decryptor 237 data input, respectively.

[0037] The decryptor 237 searches the stored program work key list 236 for a stored program work key (PWKq_ID, PWKq) whose work key identifier PWKq_ID accords with the work key identifier of the received encrypted scramble key <SKt>Pq from the separator 213. Then the decryptor 237 [...] <SKt>Pq with the work key PWKq of the found work [...] This decryption must be successful as long as the work key used for the decryption has not been updated by the central station 1. Otherwise, the decryption will fail.
[0038] The decrypted program data PDq is then decoded in the decoder 219 and presented through output devices 221 to the user. In this way, if the SPE master key (MK_ID, MK) is valid and if the stored program work key used for decryption remains unchanged since a program to be executed has been stored in the mass storage 209, the user can enjoy the program.

[0039] As seen from the foregoing, even if any of the SPE work keys is broken, the loss caused by the breakage can be minimized because the SPE [...] Further, the program provider 1 can change the SPE work keys even after the SPE work keys have been broadcast. This further enhances the security of the downloaded programs.
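
The following Python model of the two key hierarchies described in paragraphs [0021] to [0039] is an added example, not part of the patent text. It assumes an HMAC-SHA-256 keystream with a tag as a stand-in for the unspecified cipher and one scramble key per program instead of one per second; all class, method and dictionary key names are hypothetical.

```python
import hashlib, hmac, os

def _prf(key, label, msg):
    return hmac.new(key, label + msg, hashlib.sha256).digest()

def _xor(key, nonce, data):
    ks = b"".join(_prf(key, b"ks", nonce + c.to_bytes(4, "big")) for c in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def enc(key, data):  # K[X]; toy authenticated cipher, a stand-in only
    nonce = os.urandom(8)
    ct = _xor(key, nonce, data)
    return nonce + ct + _prf(key, b"tag", nonce + ct)[:16]

def dec(key, blob):  # inverse of enc(); None when the key is wrong (tag mismatch)
    nonce, ct, tag = blob[:8], blob[8:-16], blob[-16:]
    if not hmac.compare_digest(tag, _prf(key, b"tag", nonce + ct)[:16]):
        return None
    return _xor(key, nonce, ct)

class CentralStation:
    def __init__(self, terminal_master_keys):
        # RTPE key table 112: master key TMKi and work key TWKi per terminal
        self.rtpe = {i: {"tmk_id": f"TMK{i}", "tmk": tmk,
                         "twk_id": f"TWK{i}", "twk": os.urandom(16)}
                     for i, tmk in terminal_master_keys.items()}
        self.mk_id, self.mk = "MK", os.urandom(16)  # SPE master key 116 (common)
        self.spe = {}                               # SPE work key table 114

    def wrap_pwk(self, p):  # <PWKp> = (MK_ID, MK[PWKp_ID], MK[PWKp])
        pwk_id, pwk = self.spe[p]
        return self.mk_id, enc(self.mk, pwk_id.encode()), enc(self.mk, pwk)

    def broadcast(self, p, pd):
        skt = os.urandom(16)  # scramble key SKt (one per program in this sketch)
        pwk_id, pwk = self.spe.setdefault(p, (f"PWK{p}", os.urandom(16)))
        rt = self.rtpe.items()
        return {
            "data": enc(skt, pd),                                            # SKt[PDp]
            "skt_T": {i: (r["twk_id"], enc(r["twk"], skt)) for i, r in rt},  # <SKt>Ti
            "twk": {i: (r["tmk_id"], enc(r["tmk"], r["twk_id"].encode()),
                        enc(r["tmk"], r["twk"])) for i, r in rt},            # <TWKi>
            "skt_P": (pwk_id, enc(pwk, skt)),                                # <SKt>Pp
            "pwk": self.wrap_pwk(p),                                         # <PWKp>
        }

    def rekey(self, p):  # new PWKp under the same PWKp_ID ([0018], [0035])
        self.spe[p] = (self.spe[p][0], os.urandom(16))
        return self.wrap_pwk(p)

class Terminal:
    def __init__(self, i, tmk, mk_id, mk):
        self.i, self.tmk_id, self.tmk = i, f"TMK{i}", tmk    # IC card 240, item 242
        self.mk_id, self.mk = mk_id, mk                      # IC card 240, item 244
        self.twk, self.pwk_list, self.storage = {}, {}, {}   # 234, list 236, storage 209

    def on_pwk(self, msg, add=False):
        mk_id, e_id, e_key = msg
        if mk_id != self.mk_id:
            return
        pwk_id, pwk = dec(self.mk, e_id), dec(self.mk, e_key)
        # Add while recording; otherwise only replace an entry with the same ID.
        if pwk_id and pwk and (add or pwk_id.decode() in self.pwk_list):
            self.pwk_list[pwk_id.decode()] = pwk

    def play_realtime(self, mux):
        tmk_id, e_id, e_key = mux["twk"][self.i]
        if tmk_id == self.tmk_id:
            twk_id, twk = dec(self.tmk, e_id), dec(self.tmk, e_key)
            if twk_id and twk:
                self.twk[twk_id.decode()] = twk
        twk_id, e_skt = mux["skt_T"][self.i]
        skt = dec(self.twk[twk_id], e_skt) if twk_id in self.twk else None
        return dec(skt, mux["data"]) if skt else None

    def record(self, q, mux):
        self.storage[q] = (mux["data"], mux["skt_P"])  # <SKt>Ti is not kept
        self.on_pwk(mux["pwk"], add=True)

    def play_stored(self, q):
        data, (pwk_id, e_skt) = self.storage[q]
        pwk = self.pwk_list.get(pwk_id)
        skt = dec(pwk, e_skt) if pwk else None
        return dec(skt, data) if skt else None

def demo():
    cs = CentralStation({1: os.urandom(16)})
    st = Terminal(1, cs.rtpe[1]["tmk"], cs.mk_id, cs.mk)
    pd = b"constructed sample program data"
    mux = cs.broadcast("7", pd)
    live = st.play_realtime(mux)
    st.record("7", mux)
    before = st.play_stored("7")
    # A broken RTPE work key TWKi does not open the recording's <SKt>Pq.
    twk_opens = dec(cs.rtpe[1]["twk"], st.storage["7"][1][1]) is not None
    st.on_pwk(cs.rekey("7"))  # station replaces PWKp; the terminal follows
    after = st.play_stored("7")
    return live == pd, before == pd, twk_opens, after
```
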

Modification

[0040] The above-described embodiment shown by FIGs. 1 and 4 can be arranged as shown in FIGs. 5A and 5B. In FIG. 5A, a central station 1a further comprises a SPE master key encryptor 130 for encrypting SPE master key (MK_ID, MK) with each of the RTPE master keys TMK1 - TMKN to provide TMKi-encrypted SPE master keys <MK>1, <MK>2, ..., <MK>N, which are multiplexed and transmitted with the above-mentioned signals by the MUX & transmitter 127. A TMKi-encrypted SPE master key <MK>i is defined as (TMKi_ID, TMKi[MK_ID], TMKi[MK]).
[0041] In a subscriber terminal 2a of FIG. 5B, the demultiplexer has been replaced with a demultiplexer 205a which [...] The terminal 2a is further provided with a SPE master key [...] encrypted SPE master keys, [...] with the RTPE master key (TMKi_ID, TMKi) 242 stored in the IC card 240a (which no longer stores the above-described SPE master key (MK_ID, MK) 244) to provide a decrypted received encrypted SPE master key if the RTPE master key identifier TMKi_ID of the received encrypted SPE master key <MK>i accords with that of the stored RTPE master key 242. The decryptor 235 uses the received SPE master key (MK_ID, MK) instead of the stored SPE master key (MK_ID, MK) 244.
[0042] In this system, the master key for RTPE mode is distributed stored in an IC card 240a, while the master keys for SPE mode are broadcast to [...]

[0043] Many widely different embodiments of the present invention may be constructed without departing from the spirit and scope of the present invention. It should be understood that the present invention is not limited [...] embodiments described in the specification, except as defined in the appended claims.
1. In a pay broadcasting system including a central station and a subscriber terminal wherein data of a broadcast program is scrambled with a scramble key updated in a short period, the scramble key being encrypted with a first key assigned to the subscriber terminal, the first key being encrypted with a first master key set in the subscriber terminal, a method of enhancing security of a broadcast program stored for subsequent use in the subscriber terminal, the method including the steps of:
the central station

generating a second key-encrypted scramble key [...], said second key being different from said first key and changeable in an [...] first key;
generating an [...] commonly issued to subscriber terminals served by said central station; and
broadcasting said [...] and said encrypted second key together with said scrambled data of said broadcast program, said first key-encrypted scramble key and said encrypted first key in a multiplexed manner, and
the subscriber terminal

in storing said broadcast program, storing said scrambled data of said broadcast program and said second key-encrypted scramble [...] second key with said second master key into said second key and adding said second key to a stored program second key list;
if said stored program is to be executed, decrypting said second key-encrypted scramble key with a corresponding one of said second keys in said stored program second key list into a decrypted scramble key; and


2. A method as defined in claim 1, further including the step of setting a removable storage storing said second master



3. A method as defined in claim 1, further including the steps of:

said central station encrypting said second master key with said first master key and [...] encrypted second master key; and
said terminal decrypting said encrypted second master key into a decrypted second master key, and wherein said step of decrypting said encrypted second key with said second master key uses [...]



4. A method as defined in claim 1, further including the [...] cast programs.

5. A method as defined in claim [...], wherein each of said genera[...] key used for said generated encrypted key such that said generated encrypted key and corresponding ID are treated in a pair, wherein the method further includes the steps of:

the central station broadcasting a new second key for a program that has broadcast before; and
if a second key with an ID that accords with an ID of any second key in said stored program second key list is received, the subscriber terminal replacing said any second key with said second key with said ID that accords.



6. A station for broadcasting a program to a [...] loaded programs in a pay broadcasting system, the station comprising:

means for scrambling data of a broadcast program with a scramble key updated in a short period;
means for encrypting said scramble key with a first key assigned to each terminal;
means for encrypting, for each terminal, said first key with a first master key set in [...] terminal;
means for generating a second key different from said first key in an time interval shorter than a update interval of said first key;
means for encrypting said scramble key with said second key into a second key-encrypted scramble key;
means for generating an encrypted second key by encrypting said second key with a second master key which has been commonly issued to said subscriber terminals; and
means for broadcasting [...] of said broadcast program, said first key-encrypted scramble key, [...] encrypted first key, said second key-encrypted scramble key and said encrypted second key in a multiplexed manner.

7. A station as defined in claim 6, wherein said second master key is distributed stored in a removable storage to said



A station as defined in



A station as defined in



means for



second master key.
10. A station as defined in claim 6, wherein each of broadcast programs is assigned a respective second key.

11. A station as defined in claim 10, wherein each of said generating means includes means for generating an ID of
the key used for said generated encrypted key such that said generated encrypted key and corresponding ID are
treated in a pair
new second key for a program that has broadcast before so as to prohibit any use of said program that has broadcast before.

12. A subscriber terminal capable of storing a received program and executing one of the stored programs later with
an enhanced security against illegal access to the stored programs in a pay broadcasting system, wherein data of
the received program has been scrambled with a scramble key, the subscriber terminal including:

means for demultiplexing said received program into scrambled program data, first encrypted scramble keys
encrypted with first keys for subscriber terminals in the broadcasting system and encrypted first keys
encrypted with respective first master keys;

means for using said scrambled program data, said first encrypted scramble keys and said encrypted first keys
to present said received program to a user in real time;

said demultiplexing means further providing a second encrypted scramble key encrypted with a second key
different from said first key and changeable in a time interval shorter than an update interval of said first key and
an encrypted second key encrypted with a second master key which has been commonly issued to said
subscriber terminals;

means, responsive to a recording command to store said received program from said user, for storing said
scrambled program data and said second encrypted scramble key;

means, responsive to said recording command, for decrypting said encrypted second key with said second
master key into said second key and adding said second key to a stored program second key list;
means, responsive to an execution command to execute said stored program, for decrypting said second
encrypted scramble key with a corresponding one of said second keys in said stored program second key list

means for unscrambling said scrambled program data with said decrypted scramble key.

13. A subscriber terminal as defined in claim 12, wherein said second master key
is set in the subscriber terminal

14. A subscriber terminal as defined in claim 12, wherein said demultiplexing means further providing an encrypted
second master key encrypted with said first master key and wherein the subscriber terminal further comprising means
for decrypting said encrypted second master key into a decrypted second master key; and wherein said means for
decrypting said encrypted second key with said second master key uses said decrypted second master key.



15. A subscriber terminal as defined in claim 12, wherein each of broadcast programs is assigned a respective second



16. A subscriber terminal as defined mm m wherein each of said various encrypted keys is broadcast with an ID of
the key used for generating said each encrypted key such that said each encrypted key and corresponding ID are
treated in a pair, wherein the subscriber terminal includes means, operative in the event a second key with an ID
that accords with an ID of any second key in said stored program second key list is received, for replacing said any
second key with said second key with said ID that accords.

17. A subscriber terminal as defined in claim 12, wherein said using means, said means for decrypting said encrypted
second key and key are realized as a single module.
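
The stored-program path of the claims (record, play back, and replacement of a listed second key by a later broadcast carrying the same ID) can be traced in a short simulation. This is an added example, not code from the patent: the class and field names are hypothetical, `toy_cipher` is a stand-in for the unspecified cipher, a single scramble key is used per program, and the first-key real-time path is left out.

```python
import hashlib
import os

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """SHA-256 counter keystream XOR. Stand-in only: no nonce, no integrity."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Station:
    def __init__(self, second_master_key: bytes):
        self.km2 = second_master_key

    def broadcast(self, key_id: int, program: bytes) -> dict:
        ks, k2 = os.urandom(16), os.urandom(16)  # scramble key, second key
        return {"id": key_id,
                "scrambled": toy_cipher(ks, program),
                "ks_under_k2": toy_cipher(k2, ks),
                "k2_under_km2": toy_cipher(self.km2, k2)}

    def rekey(self, key_id: int) -> dict:
        # New second key, same ID, for a program broadcast before.
        return {"id": key_id, "k2_under_km2": toy_cipher(self.km2, os.urandom(16))}

class Terminal:
    def __init__(self, second_master_key: bytes):
        self.km2 = second_master_key
        self.stored = {}     # name -> (key ID, scrambled data, Ks under K2)
        self.key_list = {}   # stored program second key list: ID -> K2

    def record(self, name: str, msg: dict) -> None:
        self.stored[name] = (msg["id"], msg["scrambled"], msg["ks_under_k2"])
        self.key_list[msg["id"]] = toy_cipher(self.km2, msg["k2_under_km2"])

    def on_rekey(self, msg: dict) -> None:
        if msg["id"] in self.key_list:  # replace only a key with a matching ID
            self.key_list[msg["id"]] = toy_cipher(self.km2, msg["k2_under_km2"])

    def play(self, name: str) -> bytes:
        key_id, scrambled, ks_under_k2 = self.stored[name]
        ks = toy_cipher(self.key_list[key_id], ks_under_k2)
        return toy_cipher(ks, scrambled)

def demo():
    km2 = os.urandom(16)                     # constructed second master key
    station, terminal = Station(km2), Terminal(km2)
    program = b"constructed sample program data " * 4
    terminal.record("movie", station.broadcast(7, program))
    before = terminal.play("movie")
    terminal.on_rekey(station.rekey(7))
    return program, before, terminal.play("movie")
```

After the replacement the stored copy no longer unscrambles, because the listed second key no longer matches the one that wrapped the stored scramble key.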
